From bcd3b655205b99132c17a77ec715eca19c11f1a8 Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Tue, 9 Jun 2026 16:00:32 +0000
Subject: [PATCH] Run panel on dedicated novacpx-web Nginx service; fix auth/transaction methods
- deploy/nginx-panel.conf: standalone Nginx config for ports 8880-8883
- deploy/novacpx-web.service: systemd unit, survives apache2/nginx stop
- server_setup.php: fix Auth::requireRole() -> require('admin')
- DB.php: add beginTransaction()/commit()/rollback() methods
---
 deploy/nginx-panel.conf | 133 +++++++++++++++++++++++++++
 deploy/novacpx-web.service | 19 ++++
 panel/api/endpoints/server_setup.php | 2 +-
 panel/lib/DB.php | 4 +
 4 files changed, 157 insertions(+), 1 deletion(-)
 create mode 100644 deploy/nginx-panel.conf
 create mode 100644 deploy/novacpx-web.service
diff --git a/deploy/nginx-panel.conf b/deploy/nginx-panel.conf
new file mode 100644
index 0000000..91e6a36
--- /dev/null
+++ b/deploy/nginx-panel.conf
@@ -0,0 +1,133 @@
+# NovaCPX dedicated panel web server
+# Runs as novacpx-web.service — independent of system Apache/Nginx
+
+user www-data;
+pid /run/novacpx-nginx.pid;
+error_log /var/log/novacpx/nginx-error.log;
+
+events { worker_connections 64; }
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ access_log /var/log/novacpx/nginx-access.log;
+ sendfile on;
+ gzip on;
+
+ # ── Admin Panel (8882) ─────────────────────────────────────────────────────
+ server {
+ listen 8882 ssl;
+ server_name _;
+ root /srv/novacpx/public/admin;
+ index index.php index.html;
+ ssl_certificate /etc/novacpx/ssl/novacpx.crt;
+ ssl_certificate_key /etc/novacpx/ssl/novacpx.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ location / { try_files $uri $uri/ /index.php?$query_string; }
+ location /assets { root /srv/novacpx/public; }
+ location /lib { deny all; }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SERVER_PORT 8882;
+ fastcgi_read_timeout 300;
+ }
+
+ location /api/ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/novacpx/public/api/index.php;
+ fastcgi_param SERVER_PORT 8882;
+ fastcgi_read_timeout 300;
+ }
+ }
+
+ # ── Reseller Panel (8881) ──────────────────────────────────────────────────
+ server {
+ listen 8881 ssl;
+ server_name _;
+ root /srv/novacpx/public/reseller;
+ index index.php index.html;
+ ssl_certificate /etc/novacpx/ssl/novacpx.crt;
+ ssl_certificate_key /etc/novacpx/ssl/novacpx.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ location / { try_files $uri $uri/ /index.php?$query_string; }
+ location /assets { root /srv/novacpx/public; }
+ location /lib { deny all; }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SERVER_PORT 8881;
+ fastcgi_read_timeout 300;
+ }
+
+ location /api/ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/novacpx/public/api/index.php;
+ fastcgi_param SERVER_PORT 8881;
+ fastcgi_read_timeout 300;
+ }
+ }
+
+ # ── User Panel (8880) ──────────────────────────────────────────────────────
+ server {
+ listen 8880 ssl;
+ server_name _;
+ root /srv/novacpx/public/user;
+ index index.php index.html;
+ ssl_certificate /etc/novacpx/ssl/novacpx.crt;
+ ssl_certificate_key /etc/novacpx/ssl/novacpx.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ location / { try_files $uri $uri/ /index.php?$query_string; }
+ location /assets { root /srv/novacpx/public; }
+ location /lib { deny all; }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SERVER_PORT 8880;
+ fastcgi_read_timeout 300;
+ }
+
+ location /api/ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/novacpx/public/api/index.php;
+ fastcgi_param SERVER_PORT 8880;
+ fastcgi_read_timeout 300;
+ }
+ }
+
+ # ── Webmail (8883) ─────────────────────────────────────────────────────────
+ server {
+ listen 8883 ssl;
+ server_name _;
+ root /usr/share/roundcube;
+ index index.php;
+ ssl_certificate /etc/novacpx/ssl/novacpx.crt;
+ ssl_certificate_key /etc/novacpx/ssl/novacpx.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ location / { try_files $uri $uri/ /index.php; }
+ location ~ \.php$ {
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_read_timeout 120;
+ }
+ location ~ /\.(ht|git) { deny all; }
+ }
+}
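Review bot: `location /lib { deny all; }` in the admin, reseller and user server blocks is a plain prefix location, so a request ending in `.php` under `/lib/` is still handled by `location ~ \.php$`, because a matching regex location takes precedence over a prefix location that lacks `^~`. If a `lib` directory containing PHP files sits under any of these roots (not visible in this diff), those files stay directly executable; write the rule as `location ^~ /lib { deny all; }`. The same precedence applies to `location /api/`, where a URI ending in `.php` bypasses the fixed `SCRIPT_FILENAME`, so `location ^~ /api/` is the safer form. The four `\.php$` blocks, webmail included, would also benefit from `try_files $uri =404;` so that only scripts that exist on disk are passed to PHP-FPM.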
diff --git a/deploy/novacpx-web.service b/deploy/novacpx-web.service
new file mode 100644
index 0000000..159a064
--- /dev/null
+++ b/deploy/novacpx-web.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=NovaCPX Panel Web Server (dedicated Nginx)
+After=network.target php8.3-fpm.service
+Wants=php8.3-fpm.service
+
+[Service]
+Type=forking
+PIDFile=/run/novacpx-nginx.pid
+ExecStartPre=/usr/sbin/nginx -t -c /etc/novacpx/nginx-panel.conf
+ExecStart=/usr/sbin/nginx -c /etc/novacpx/nginx-panel.conf
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+TimeoutStopSec=5
+PrivateTmp=true
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/panel/api/endpoints/server_setup.php b/panel/api/endpoints/server_setup.php
index 4bc98bb..9792e2f 100644
--- a/panel/api/endpoints/server_setup.php
+++ b/panel/api/endpoints/server_setup.php
@@ -4,7 +4,7 @@
 */
 $db = DB::getInstance();
 $body = json_decode(file_get_contents('php://input'), true) ?? [];
-Auth::getInstance()->requireRole(['admin']);
+Auth::getInstance()->require('admin');
 function getSetting(string $key, $db): ?string {
 return $db->fetchOne("SELECT value FROM settings WHERE `key` = ?", [$key])['value'] ?? null;
diff --git a/panel/lib/DB.php b/panel/lib/DB.php
index 1fe1bce..6070358 100644
--- a/panel/lib/DB.php
+++ b/panel/lib/DB.php
@@ -117,5 +117,9 @@ class DB {
 return $this->pdo->lastInsertId();
 }
+ public function beginTransaction(): void { $this->pdo->beginTransaction(); }
+ public function commit(): void { $this->pdo->commit(); }
+ public function rollback(): void { if ($this->pdo->inTransaction()) $this->pdo->rollBack(); }
+ public function pdo(): PDO { return $this->pdo; }
 }
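Review bot: The `[Service]` section sets no `User=`, so the Nginx master runs as root, and `PrivateTmp=true` is the only sandboxing on a process that terminates TLS for the admin panel and listens on every interface. Adding `NoNewPrivileges=true` and `ProtectSystem=full` would narrow what a compromised master can do; neither should interfere with the pid file under /run or the logs under /var/log, but test on a staging host first. Separately, `ExecStartPre` runs `nginx -t`, which probably fails on a fresh install if /var/log/novacpx does not exist yet; `LogsDirectory=novacpx` makes systemd create it before start.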
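Review bot: The admin check on the changed line still runs after `DB::getInstance()` and after the request body has been read and decoded, so an unauthenticated caller makes the endpoint obtain the database handle and parse arbitrary JSON before being rejected. Move `Auth::getInstance()->require('admin');` up so it is the first statement executed in the file. The definition of `Auth::require()` is outside this diff, so confirm that it accepts a single role string and stops the request on failure rather than returning a value that this call site ignores. The body of `getSetting()` continues past the end of the hunk.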
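Review bot: `rollback()` checks `inTransaction()` but `commit()` does not, so the two new methods behave differently once the transaction has already ended. If the driver is MySQL (the backtick-quoted `key` column in server_setup.php suggests so), a DDL statement inside the transaction commits implicitly, and on PHP 8 the later `commit()` throws "There is no active transaction". Either guard it the same way, `if ($this->pdo->inTransaction()) $this->pdo->commit();`, or leave it strict and add a docblock saying callers must not run DDL between `beginTransaction()` and `commit()`. A one-line comment on `rollback()` noting that it is deliberately a no-op outside a transaction, so it is safe to call from a `catch` block, would also help.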